National Center for Supercomputing Applications MyProxy Credential Management Service University of Illinois at Urbana-Champaign

[Valid HTML 4.01]
[Valid CSS]
[Valid Atom 1.0]

(OSI Certified)

Rather than storing your Grid credentials on each machine you use to access the Grid, you can store them in a MyProxy repository and retrieve a proxy credential from the MyProxy repository when needed.

To store a credential in the MyProxy repository, run the myproxy-init command on a computer where your Grid credentials are located. For example:

  $ myproxy-init -s myproxy.ncsa.uiuc.edu
  Your identity: /C=US/O=National Computational Science Alliance/CN=Jim Basney
  Enter GRID pass phrase for this identity:
  Creating proxy ........................................... Done
  Your proxy is valid until Fri Sep 13 13:52:56 2002
  Enter MyProxy Pass Phrase:
  Verifying password - Enter MyProxy Pass Phrase:
  A proxy valid for 168 hours (7.0 days) for user jbasney now exists on myproxy.ncsa.uiuc.edu.

The myproxy-init command prompts first for the pass phrase of your Grid credentials and then prompts twice for a new pass phrase to use to secure the credentials on the MyProxy server. By default, the credential is stored under your Unix username (jbasney in the example above) for 7 days and can be used to retrieve credentials with 12 hour lifetimes. The myproxy-init documentation lists all the available options for the myproxy-init command.

You can set the lifetime of the credentials you store on the MyProxy server to longer (or shorter) than the default of one week using the myproxy-init -c option. To store a credential with the same lifetime as your current credential (for example, your long-lived credential from the CA), you can use the "-c 0" option to myproxy-init:

  $ myproxy-init -c 0 -s myproxy.ncsa.uiuc.edu
  Your identity: /C=US/O=National Center for Supercomputing Applications/CN=Jim Basney
  Enter GRID pass phrase for this identity:
  Creating proxy ............................... Done
  Proxy Verify OK
  Your proxy is valid until: Thu Oct 20 17:29:28 2005
  Enter MyProxy pass phrase:
  Verifying - Enter MyProxy pass phrase:
  A proxy valid for 7278 hours (303.2 days) for user jbasney now exists on myproxy.ncsa.uiuc.edu.

By default, myproxy-init will use your credentials in $HOME/.globus/usercert.pem and $HOME/.globus/userkey.pem. To upload credentials from a different location to the Myproxy server, set the X509_USER_KEY and X509_USER_CERT environment variables. For example, the following commands use X509_USER_KEY and X509_USER_CERT to upload an existing proxy credential:

  $ export X509_USER_CERT=`grid-proxy-info -path`
  $ export X509_USER_KEY=`grid-proxy-info -path`
  $ myproxy-init -c 0 -s myproxy.ncsa.uiuc.edu
  Your identity: /C=US/O=National Center for Supercomputing Applications/CN=Jim Basney/CN=793146486
  Creating proxy .............................. Done
  Proxy Verify OK
  Your proxy is valid until: Wed Dec 22 03:55:42 2004
  Enter MyProxy pass phrase:
  Verifying - Enter MyProxy pass phrase:
  A proxy valid for 17 hours (0.7 days) for user jbasney now exists on myproxy.ncsa.uiuc.edu.

Once you've stored a credential in the MyProxy repository, you can retrieve a proxy credential whenever you need one with the myproxy-logon command. For example:

  $ myproxy-logon -s myproxy.ncsa.uiuc.edu
  Enter MyProxy Pass Phrase:
  A proxy has been received for user jbasney in /tmp/x509up_u500

The myproxy-logon command prompts for the pass phrase you set previously with myproxy-init, retrieves a proxy credential for you, and stores it in the correct default location for use with Globus. The myproxy-logon documentation lists all the available options for the myproxy-logon command.

Last modified 05/05/06.
©2000-2016 Board of Trustees of the University of Illinois.